CVE-2021-43944

Опубликовано: 08 мар. 2022

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3.

Ссылки

https://jira.atlassian.com/browse/JRASERVER-73072
Issue Tracking
Vendor Advisory
https://jira.atlassian.com/browse/JRASERVER-73072
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*

Версия до 8.13.15 (исключая)

cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*

Версия от 8.14.0 (включая) до 8.20.3 (исключая)

cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*

Версия до 8.13.15 (исключая)

cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*

Версия от 8.14.0 (включая) до 8.20.3 (исключая)

EPSS

Процентиль: 83%

0.01969

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-7gx3-2prj-gfr9